Facebook malware sending people to junglemix.in Phishing!

It looks like this is the newest phishing attempt for the Facebook community. According to SANS, there is malware trying to send out messages to go to “junglemix.in”. I visited the site and it redirects me to “http://fblight.com/”. You can see from the address bar that this is a phishing site. As of writing this post, it has been flagged by PhishTank as a phishing site. I am glad people are reporting these types of sites to prevent people from getting their accounts stolen.

Find out about the other phishing attempts that have been talked about and keep yourself safe. Also, this is a good time to install some free Anti-virus or Free Firewall software to help protect your computer from Malware.

Cellular Modem common problem — DNS LOOKUP

With Cellular Modems being used more and more, the common problem is:

Address not Found

This is something that comes with any ISP: the DNS lookup problem. Your connection acts like a VPN connection: it connects to a cell tower, then gets transported to the nearest server, and then goes on the internet. The server does the DNS lookup for you and sends you to the right page. There seems to be a problem with my Cellular DNS server because it doesn’t have a complete list, and if it doesn’t know where you want to go you get that screen.

So I found an easy way to fix this problem. I have been using my Host file to tell my computer the IP of the server that I am having the problem with. So how do I find out the IP of the server? This can be a problem to an extent.

I found that visiting the OpenDns.com Cache check will tell me the internet protocol address of the server for the time being, but it could change. I just edit the host file manually and insert the needed information by hand. Like I said, the IP may change from time to time depending on where you are going or if it is a big server. The server’s IP will rotate to help the bandwidth and keep it even on all servers, so this only works with servers that have a Static IP.

There is a program that will help you manage your host file. It’s called Hostman, and it does make editing your Host file a little easier. I have used this and I haven’t found anything that does it any better than this. If you have a suggestion on a good Host Manager, please tell people in the Forums or leave a comment. I’d love to hear about some good programs to help update the Host file more easily.
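Because a hand-pinned entry keeps sending traffic to the old address after the server's IP rotates, it helps to audit the Host file now and then. The following is an added example, not part of the original post: it parses a hosts file and reports which pins still match current DNS answers. The sample hosts text, the DNS answers and the `lookup` function are constructed assumptions; in real use `lookup` must query a working DNS server directly, because the operating system's own resolver reads the hosts file first and would simply echo the pin back.

```python
import ipaddress

# Constructed sample hosts file; names and addresses are documentation placeholders.
SAMPLE_HOSTS = """\
# manual pins added to work around carrier DNS failures
127.0.0.1       localhost
192.0.2.10      www.example.com example.com   # pinned by hand
198.51.100.7    files.example.net
not-an-ip       broken.example.org
"""

# Constructed DNS answers standing in for a direct query to a working resolver.
SAMPLE_DNS = {
    "www.example.com": {"192.0.2.10", "192.0.2.11"},  # pin is one of the rotating IPs
    "example.com": {"192.0.2.44"},                    # server moved, pin is outdated
    "files.example.net": set(),                       # lookup failed
}

def parse_hosts(text):
    """Return {hostname: pinned_ip} for every valid, non-loopback entry."""
    pins = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: ignore the line
        if ip.is_loopback or ip.is_unspecified:
            continue  # localhost and 0.0.0.0 entries are not pins
        for name in fields[1:]:
            pins[name.lower()] = str(ip)
    return pins

def find_stale(pins, lookup):
    """lookup(name) returns the set of current IP strings, empty if DNS failed."""
    report = {}
    for name, pinned in sorted(pins.items()):
        current = lookup(name)
        if not current:
            report[name] = "unverified"  # no DNS answer, pin cannot be confirmed
        elif pinned in current:
            report[name] = "ok"
        else:
            report[name] = "stale"       # DNS no longer lists the pinned address
    return report

def demo():
    return find_stale(parse_hosts(SAMPLE_HOSTS), lambda n: SAMPLE_DNS.get(n, set()))

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:10} {name}")
```

An entry reported as stale should be updated or removed; one reported as unverified is the case where the pin is still the only thing making the site reachable.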

Nikki Catsouras being used to spread Malware

I was doing my usual perusing of the internet and I came across this site about Nikki Catsouras Accident Photos. I won’t go into gruesome details, but it looks like the Malware Authors are at it again, trying to have you install Fake codecs into your system.

These are some of the nicer pictures on the site

 

I must warn you, if you go to the site there are some very gruesome and disturbing pictures of the accident, but that is not what is computer related. On the site they also have a Video that isn’t really a Video. Clicking that video link pops up this in my AVG warning window:

 

This is the Free Version of AVG

 

As you can see, the Malware authors are using the accident video to get people to install the Fake Codec, which installs some Trojan, worm, or even a Virus onto your system. I’ve talked about this from time to time, but if you need to install a codec from a site you don’t trust, I don’t recommend this to anyone. I would keep with the known Codecs and keep away from any site that says you will need to install a codec or tries to install a codec. I also recommend some Free Antivirus and Free Firewall software to better protect you. As you can see, the free AVG software that I was using did detect this and prevented me from going any further. So the Free software Antivirus providers are keeping even the most common users safe.

 

If you did visit that and get the virus, Trojan, or worm, you can visit my Malware resources to find tools to help remove this problem.

 

 

As of writing the post this seems to be on the Google Trends on May 2. I will always tell people to go to the trusted media sites if they are wondering who this person is or what happened. It looks like the Media is going wild over the court cases right now to take down the pictures. I am all for the family wanting those pictures. I do hope they take them down.

 

Mikeyy Worm still going around Twitter

It seems Mikeyy has spawned a new and improved little advertisement:

Twitter, hire Mikeyy! (718) 312-8131 🙂

As you can see from tweets:

It seems this is the new campaign, started earlier this morning around 1am or so for Mikeyy. People have found this rather annoying, but it is teaching Twitter a lesson; this would be good PR if they hired Mikeyy. Obviously he has a lot to offer, but I guess whoever wrote this variant for the Mikeyy Worm went and found his number on a stickcam website.

Anyone who just Googles the number right now could find out the stickcam profile, so I won’t direct you to it. I just hope this doesn’t keep up too much longer. If you’ve been infected with this worm I would refer to my other post about removing the worm. I do know if you aren’t logged into Twitter through your browser you will not get the worm. This is a simple exploit where they use your browser cookies to infect your Twitter account. So if you view any Twitter accounts, just keep logged out of Twitter in your browser and you should help prevent this from happening until Twitter gets this under control.

Conficker Gets a new Look : Spyware Protector 2009

Looks like the Conficker Worm has changed directions according to Viruslist:

One of the files is a rogue antivirus app, which we detect as FraudTool.Win32.SpywareProtect2009.s. The first version of Kido, detected back in November 2008, also downloaded fake antivirus to the infected machine. And once again, six months later, we’ve got unknown cybercriminals using the same trick.

The rogue software, SpywareProtect2009, can be found on spy-protect-2009.com., spywrprotect-2009.com, spywareprotector-2009.com.

[See Pictures of website at Viruslist.com]

From my understanding of this worm, it seems to be trying a scareware tactic to get you to pay $49.95 to remove these threats. F-Secure has also seen this worm and thinks this is doing what the Waledac virus is doing by becoming a spambot. According to ESET, the botnet is larger than most and this could create a problem in the future. It seems that it used P2P to distribute this update so they could bypass the domain blocks that were in place.

I will tell you this: if you get the warnings you are infected, by all means go to my Malware resource page and do a scan from the trusted sources. I will update as I get more information on this little development.